public inbox for kvm@vger.kernel.org
From: Tom Lendacky <thomas.lendacky@amd.com>
To: nikunj@amd.com, linux-kernel@vger.kernel.org, x86@kernel.org,
	kvm@vger.kernel.org,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: bp@alien8.de, mingo@redhat.com, tglx@linutronix.de,
	dave.hansen@linux.intel.com, dionnaglaze@google.com,
	pgonda@google.com, seanjc@google.com, pbonzini@redhat.com
Subject: Re: [PATCH v5 09/14] x86/sev: Add Secure TSC support for SNP guests
Date: Thu, 2 Nov 2023 09:29:22 -0500	[thread overview]
Message-ID: <0c4ea410-4213-4ab6-9151-da312a50aacf@amd.com> (raw)
In-Reply-To: <60e5b46c-7e4b-44bb-a76f-a4b30b154d4a@amd.com>

On 11/2/23 00:36, Nikunj A. Dadhania wrote:
> On 10/31/2023 1:56 AM, Tom Lendacky wrote:
>> On 10/30/23 01:36, Nikunj A Dadhania wrote:
>>> Add support for Secure TSC in SNP enabled guests. Secure TSC allows
>>> the guest to securely use RDTSC/RDTSCP instructions as the parameters
>>> being used cannot be changed by the hypervisor once the guest is launched.
>>>
>>> During the boot-up of the secondary cpus, SecureTSC enabled guests
>>> need to query TSC info from AMD Security Processor. This communication
>>> channel is encrypted between the AMD Security Processor and the guest,
>>> the hypervisor is just the conduit to deliver the guest messages to
>>> the AMD Security Processor. Each message is protected with an
>>> AEAD (AES-256 GCM). Use minimal AES GCM library to encrypt/decrypt SNP
>>> Guest messages to communicate with the PSP.
>>
>> Add to this commit message that you're using the enc_init hook to perform some Secure TSC initialization and why you have to do that.
> 
> Sure, will add.
>   
>>>
>>> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
>>> ---
>>>    arch/x86/coco/core.c             |  3 ++
>>>    arch/x86/include/asm/sev-guest.h | 18 +++++++
>>>    arch/x86/include/asm/sev.h       |  2 +
>>>    arch/x86/include/asm/svm.h       |  6 ++-
>>>    arch/x86/kernel/sev.c            | 82 ++++++++++++++++++++++++++++++++
>>>    arch/x86/mm/mem_encrypt_amd.c    |  6 +++
>>>    include/linux/cc_platform.h      |  8 ++++
>>>    7 files changed, 123 insertions(+), 2 deletions(-)
>>>

>>> +void __init snp_secure_tsc_prepare(void)
>>> +{
>>> +    if (!cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
>>> +        return;
>>> +
>>> +    if (snp_get_tsc_info())
>>> +        sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
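Review bot: the failure path `sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED)` reports a reason code that does not describe what actually failed. By the time snp_get_tsc_info() returns an error, cc_platform_has(CC_ATTR_GUEST_SECURE_TSC) has already confirmed that SNP and Secure TSC are active, so the failure is a TSC info guest request that did not complete, not an unsupported SNP; anyone reading the termination reason from the hypervisor side would be pointed at the wrong cause. A reason code in the Linux-specific set that names the TSC info request would make the termination attributable. Terminating rather than continuing is the right fail-closed choice, since the commit message says Secure TSC guests need this data to bring up the secondary CPUs, so keep the terminate and change only the reason code.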
>>
>> How about using SEV_TERM_SET_LINUX and a new GHCB_TERM_SECURE_TSC_INFO.
> 
> Yes, we can do that. I remember you had said this would require a GHCB spec change, and so thought of sticking with the current return code.

No spec change needed. The base SNP support is already using it, so not an 
issue to add a new error code.

Thanks,
Tom

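As an added example, not code from this patch series or from the kernel: a Go sketch of the AEAD-protected guest message exchange the commit message describes, with the hypervisor modelled as an untrusted conduit between guest and security processor. The header layout, the message type ids, the 32-byte key value and the TSC payload text are all constructed for this illustration (the kernel's snp_guest_msg_hdr has a different layout and the real VMPCK comes from the secrets page); what it shows is the pattern that matters for security: the whole header is authenticated as associated data, the sequence number both supplies the GCM nonce and is checked to advance, and any byte the conduit changes in header or ciphertext, or any replayed response, is rejected before the payload is used.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// MsgHdr is a simplified, assumed header for an SNP-style guest message.
// It is NOT the kernel's snp_guest_msg_hdr; only the pattern is the point:
// every field is authenticated as AEAD associated data, and MsgSeqNo also
// supplies the GCM nonce.
type MsgHdr struct {
	Algo     uint16 // AEAD algorithm id; AlgoAESGCM is an assumed value
	MsgType  uint8  // request/response type (constructed ids below)
	MsgVer   uint8  // message format version
	MsgSz    uint16 // length of the encrypted payload
	VMPCKID  uint8  // which VM Platform Communication Key was used
	MsgSeqNo uint64 // strictly increasing per key; never reused
}

const (
	HdrLen     = 15 // 2+1+1+2+1+8 bytes, packed little-endian
	AlgoAESGCM = 1
	MsgTSCReq  = 0x11 // constructed type ids for this example
	MsgTSCResp = 0x12
	KeyLen     = 32 // AES-256
	TagLen     = 16 // GCM authentication tag
)

// Bytes serialises the header; this exact byte string is the AAD.
func (h MsgHdr) Bytes() []byte {
	b := make([]byte, HdrLen)
	binary.LittleEndian.PutUint16(b[0:], h.Algo)
	b[2] = h.MsgType
	b[3] = h.MsgVer
	binary.LittleEndian.PutUint16(b[4:], h.MsgSz)
	b[6] = h.VMPCKID
	binary.LittleEndian.PutUint64(b[7:], h.MsgSeqNo)
	return b
}

// ParseHdr decodes the header from the front of a message.
func ParseHdr(b []byte) (MsgHdr, error) {
	if len(b) < HdrLen {
		return MsgHdr{}, errors.New("short header")
	}
	return MsgHdr{
		Algo:     binary.LittleEndian.Uint16(b[0:]),
		MsgType:  b[2],
		MsgVer:   b[3],
		MsgSz:    binary.LittleEndian.Uint16(b[4:]),
		VMPCKID:  b[6],
		MsgSeqNo: binary.LittleEndian.Uint64(b[7:]),
	}, nil
}

// nonce derives the 96-bit GCM nonce from the sequence number, which is
// exactly why a sequence number must never be reused under one VMPCK.
func nonce(seq uint64) []byte {
	n := make([]byte, 12)
	binary.LittleEndian.PutUint64(n, seq)
	return n
}

func newAEAD(vmpck []byte) (cipher.AEAD, error) {
	if len(vmpck) != KeyLen {
		return nil, errors.New("VMPCK must be 32 bytes")
	}
	block, err := aes.NewCipher(vmpck)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal produces hdr || ciphertext || tag. Because the header is AAD, the
// relaying hypervisor cannot alter type, size, key id or sequence number
// without the tag check failing on the receiving side.
func Seal(vmpck []byte, hdr MsgHdr, payload []byte) ([]byte, error) {
	aead, err := newAEAD(vmpck)
	if err != nil {
		return nil, err
	}
	hdr.Algo = AlgoAESGCM
	hdr.MsgSz = uint16(len(payload))
	aad := hdr.Bytes()
	ct := aead.Seal(nil, nonce(hdr.MsgSeqNo), payload, aad)
	return append(aad, ct...), nil
}

// Open verifies and decrypts a message. It rejects a sequence number that
// does not advance past lastSeq (a replayed older message) before touching
// the ciphertext, and returns the payload only after the tag verifies.
func Open(vmpck []byte, msg []byte, lastSeq uint64) (MsgHdr, []byte, error) {
	hdr, err := ParseHdr(msg)
	if err != nil {
		return hdr, nil, err
	}
	if hdr.Algo != AlgoAESGCM {
		return hdr, nil, errors.New("unexpected AEAD algorithm")
	}
	if hdr.MsgSeqNo <= lastSeq {
		return hdr, nil, errors.New("sequence number did not advance: replay")
	}
	if len(msg) != HdrLen+int(hdr.MsgSz)+TagLen {
		return hdr, nil, errors.New("message length does not match header")
	}
	aead, err := newAEAD(vmpck)
	if err != nil {
		return hdr, nil, err
	}
	pt, err := aead.Open(nil, nonce(hdr.MsgSeqNo), msg[HdrLen:], msg[:HdrLen])
	if err != nil {
		return hdr, nil, fmt.Errorf("authentication failed: %w", err)
	}
	return hdr, pt, nil
}

func main() {
	vmpck := bytes.Repeat([]byte{0x42}, KeyLen) // constructed key for the demo

	// Guest -> PSP: TSC info request, sequence 1, no payload in this sketch.
	req, err := Seal(vmpck, MsgHdr{MsgType: MsgTSCReq, MsgVer: 1, MsgSeqNo: 1}, nil)
	if err != nil {
		panic(err)
	}
	if _, _, err := Open(vmpck, req, 0); err != nil {
		panic(err)
	}

	// PSP -> guest: response carrying the TSC parameters, sequence 2.
	resp, _ := Seal(vmpck, MsgHdr{MsgType: MsgTSCResp, MsgVer: 1, MsgSeqNo: 2}, []byte("tsc-scale|tsc-offset"))
	hdr, pt, err := Open(vmpck, resp, 1)
	fmt.Printf("response seq=%d type=%#x payload=%q err=%v\n", hdr.MsgSeqNo, hdr.MsgType, pt, err)

	// The conduit flips one header byte (the VMPCK id) in transit.
	tampered := append([]byte(nil), resp...)
	tampered[6] ^= 0x01
	_, _, err = Open(vmpck, tampered, 1)
	fmt.Println("tampered header:", err)

	// The conduit replays the same response after the guest consumed it.
	_, _, err = Open(vmpck, resp, 2)
	fmt.Println("replayed response:", err)
}
```

The sequence check runs before the tag check on purpose: a replayed message carries a valid tag, so only the monotonic counter catches it, and rejecting it early avoids spending the AEAD work on something that will be discarded anyway.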


Thread overview: 51+ messages
2023-10-30  6:36 [PATCH v5 00/14] Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-10-30  6:36 ` [PATCH v5 01/14] virt: sev-guest: Use AES GCM crypto library Nikunj A Dadhania
2023-10-30 17:51   ` Tom Lendacky
2023-11-02  3:33     ` Nikunj A. Dadhania
2023-10-30  6:36 ` [PATCH v5 02/14] virt: sev-guest: Move mutex to SNP guest device structure Nikunj A Dadhania
2023-10-30  6:36 ` [PATCH v5 03/14] virt: sev-guest: Replace dev_dbg with pr_debug Nikunj A Dadhania
2023-10-30  6:36 ` [PATCH v5 04/14] virt: sev-guest: Add SNP guest request structure Nikunj A Dadhania
2023-10-30 18:16   ` Tom Lendacky
2023-11-02  4:01     ` Nikunj A. Dadhania
2023-10-30  6:36 ` [PATCH v5 05/14] virt: sev-guest: Add vmpck_id to snp_guest_dev struct Nikunj A Dadhania
2023-10-30 16:16   ` Dionna Amalie Glaze
2023-10-30 17:12     ` Tom Lendacky
2023-11-02  4:03       ` Nikunj A. Dadhania
2023-10-30 18:26   ` Tom Lendacky
2023-10-30  6:36 ` [PATCH v5 06/14] x86/sev: Cache the secrets page address Nikunj A Dadhania
2023-10-30  6:36 ` [PATCH v5 07/14] x86/sev: Move and reorganize sev guest request api Nikunj A Dadhania
2023-10-30 19:16   ` Tom Lendacky
2023-11-02  4:28     ` Nikunj A. Dadhania
2023-11-02 14:17       ` Tom Lendacky
2023-10-30  6:36 ` [PATCH v5 08/14] x86/mm: Add generic guest initialization hook Nikunj A Dadhania
2023-10-30 17:23   ` Dave Hansen
2023-11-02  4:30     ` Nikunj A. Dadhania
2023-10-30 19:19   ` Tom Lendacky
2023-11-02  5:08     ` Nikunj A. Dadhania
2023-10-30  6:36 ` [PATCH v5 09/14] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-10-30 16:46   ` Dionna Amalie Glaze
2023-11-02  5:13     ` Nikunj A. Dadhania
2023-10-30 20:26   ` Tom Lendacky
2023-11-02  5:36     ` Nikunj A. Dadhania
2023-11-02 14:29       ` Tom Lendacky [this message]
2023-11-02  5:41     ` Nikunj A. Dadhania
2023-11-02 10:36       ` Kirill A. Shutemov
2023-11-06 10:45         ` Nikunj A. Dadhania
2023-11-06 13:00           ` Kirill A. Shutemov
2023-10-30  6:36 ` [PATCH v5 10/14] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2023-10-30  6:36 ` [PATCH v5 11/14] x86/sev: Prevent RDTSC/RDTSCP interception " Nikunj A Dadhania
2023-10-30 20:32   ` Tom Lendacky
2023-11-02  5:47     ` Nikunj A. Dadhania
2023-10-30  6:36 ` [PATCH v5 12/14] x86/kvmclock: Skip kvmclock when Secure TSC is available Nikunj A Dadhania
2023-10-30 21:00   ` Tom Lendacky
2023-11-02  5:39     ` Nikunj A. Dadhania
2023-10-30  6:36 ` [PATCH v5 13/14] x86/tsc: Mark Secure TSC as reliable clocksource Nikunj A Dadhania
2023-10-30 17:18   ` Dave Hansen
2023-11-02  5:53     ` Nikunj A. Dadhania
2023-11-02 10:33       ` Kirill A. Shutemov
2023-11-02 12:07         ` Nikunj A. Dadhania
2023-11-02 12:16           ` Nikunj A. Dadhania
2023-11-02 12:38             ` Kirill A. Shutemov
2023-11-06 11:53               ` Nikunj A. Dadhania
2023-11-06 13:03                 ` Kirill A. Shutemov
2023-10-30  6:36 ` [PATCH v5 14/14] x86/sev: Enable Secure TSC for SNP guests Nikunj A Dadhania
